Compliance Management

Learn how to do ISO 27001, PCI-DSS, NIST, SOC2 or any other compliance requirement with eramba

  • Episodes: 13
  • Duration: 1h 21m 44s
  • Languages: EN
Episode 1

Introduction to the Compliance Module

Quick introduction to the module key capabilities

Compliance modules in eramba are used to explain to people how compliant your organization is with any type of regulatory or contractual requirement.

The process starts by uploading free, open-format (CSV-based) compliance packages (PCI, ISO, NIST, SOC2, SOX, etc.), provided by us or made by you, and linking them with other modules in eramba, such as Internal Controls, Policies, Exceptions, Risks, Projects, etc., in order to explain to people how you comply with them.

This allows you to explain how your organization decided to deal with a requirement: when an auditor asks how you meet requirement 1.1.6 from PCI, you simply need to look at the related items. If the auditor needs more details, a shortcut gives you direct access to the related items.

Since every module has a status of its own, you can tell how each one is performing (Risks have reviews, Policies have reviews, Controls have Audits, etc.). That is how you can tell not just what solution you have for each compliance requirement, but also whether those solutions are working or not. This is reflected in the status column: your compliance requirements inherit the status of your solutions, making it clear when something is OK or not.

This well-proven approach immediately shows, through different charts, how well your organization is doing against any set of requirements and how that has evolved over time. Collecting reviews, audits, etc. using eramba's built-in notifications will ensure you have evidence ready for your auditors to review (and that you know when you do not have the evidence as well!). You no longer need to review your compliance a month or two before the audit; eramba's built-in audits help you be compliant throughout the year.

You can upload mappings between compliance packages if you wish; eramba will automatically copy whatever treatment you have on the destination mappings.

 

Once you complete your audits, any finding can be tracked in eramba along with its responsible teams, deadlines and affected compliance requirements. As with any module in eramba, you can use filters, reports and notifications to collect status from teams across your organization and help you never miss a deadline.